
Comment: Re:Because you think Google is any better? (Score 1) 218

by autocracy (#46677395) Attached to: Why No One Trusts Facebook To Power the Future

Google doesn't (as far as I know) sell user information to advertisers. They exclusively use their own analytics; all an advertiser can do is submit their target demographics and keywords, and let Google do the math.

s/Google/Facebook/ and that's true. Anybody with a Facebook account can create an advertising account and see what any advertiser sees for targeting options. Try it out, it's eye-opening. You can only provide ads to Facebook users through Facebook. Here's one step further from the company's 10-K filing with the SEC:

We generate a substantial majority of our revenue from advertising. The loss of marketers, or reduction in spending by marketers with Facebook, could seriously harm our business. The substantial majority of our revenue is currently generated from third parties advertising on Facebook. For 2013, 2012, and 2011, advertising accounted for 89%, 84% and 85%, respectively, of our revenue.

We generate the substantial majority of our revenue from selling advertising placements to marketers.

In 2013, developers received more than $2.1 billion from transactions enabled by our Payments infrastructure. While mobile applications can also integrate with Facebook, mobile applications do not process transactions using our Payments infrastructure.

(*.3 = 630 million).

If I compare that to Facebook's income statement, that leaves 235 million (3% of revenue) in loose change revenue. So basically, Facebook isn't running around making money except by selling ad placement. Fair disclaimers: I work for Facebook as a backend engineer for nearly a year now. I pulled all these numbers from the publicly available 10-K report.

I think that Facebook has matured into better respecting privacy from its early days through the years before I started there and I'm very happy with seeing how things are treated internally. I'm further certain that the idea of Facebook selling personally identifiable information about its users would massively undermine the point of having an advertising delivery platform. The attitude of everybody I'm around is about trying to make something that enriches the world.

Comment: Re:Could have told us what it is (Score 4, Interesting) 73

by autocracy (#40286167) Attached to: MariaDB and MySQL Authentication Bypass Exploit

Well, let's explain it right: the compare function uses a variable type cast that paired with certain compiler flags will improperly reduce a larger number storage to an 8 bit integer. memcmp returns 0 when there's a match, any other value otherwise. When some larger number is interpreted as a character and that number is mod(256), then you get a zero when you truncate the leading numbers.

Since the hashing function in MySQL has some variable used every time, you get a different number every time that returns a mismatch. 1 in 256 of those mismatches gets reduced to a number that is represented by a zero... which is appropriate to the cast function, but causes issues when used with memcmp.
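Added example, not part of the original comment and not MySQL/MariaDB source: a self-contained C sketch of the narrowing bug described above, next to a hardened form. The type `bool8` and all function names are hypothetical, and the byte arrays are constructed sample data.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical 8-bit result type standing in for the narrow cast the comment
   describes; unsigned so the conversion is well-defined (value mod 256). */
typedef unsigned char bool8;

/* Flawed pattern: a memcmp-style int narrowed to 8 bits. 0 means "match". */
static bool8 mismatch_truncated(int cmp) { return (bool8)cmp; }

/* Hardened pattern: collapse to 0/1 before narrowing. */
static bool8 mismatch_fixed(int cmp) { return (bool8)(cmp != 0); }

/* How many nonzero (mismatch) results in [1, limit] are reported as a match? */
static int count_false_matches(int limit, bool8 (*check)(int)) {
    int n = 0;
    for (int cmp = 1; cmp <= limit; cmp++)
        if (check(cmp) == 0)
            n++;
    return n;
}

/* Comparison that can only return 0 or 1, so no later cast can change it. */
static int digests_differ(const unsigned char *a, const unsigned char *b, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= (unsigned char)(a[i] ^ b[i]);
    return acc != 0;
}

int main(void) {
    const unsigned char want[4] = {0xde, 0xad, 0xbe, 0xef};  /* constructed sample */
    const unsigned char got[4]  = {0xde, 0xad, 0xbe, 0xee};  /* constructed sample */
    printf("0x200 truncated -> %u, fixed -> %u\n",
           (unsigned)mismatch_truncated(0x200), (unsigned)mismatch_fixed(0x200));
    printf("false matches in 1..65536: truncated=%d fixed=%d\n",
           count_false_matches(65536, mismatch_truncated),
           count_false_matches(65536, mismatch_fixed));
    printf("digests_differ=%d\n", digests_differ(want, got, sizeof want));
    return 0;
}
```

Of the 65536 mismatch values tested, 256 have all-zero low bytes and are reported as a match by the truncating version, which is the 1-in-256 rate the comment gives.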

Comment: Re:Two part problem (Score 1) 886

by autocracy (#40157899) Attached to: IT Positions Some of the Toughest Jobs To Fill In US

3. There has been, up until 2008, an attitude in the U.S. that any college degree is good enough. My state only graduated 40,000 people from community colleges/trade schools this year. Everyone with higher aspirations just went to a 4 year school. To do less is to view oneself as a failure (and employers do too).

There has been too much emphasis on college degrees, I think. This idea that everybody should start with getting a degree out of school seems to lead to many folks with a load of debt who may not be in the field that suits them at the end of the degree. Further, a degree in CS seems to have little correlation with the ability to effectively program. I'm sure there exist some programs that might relate to other fields of IT, but I don't personally know of any that properly convey the skills required for other IT disciplines.

Comment: Latency maps and looking glass servers (Score 1) 396

by autocracy (#39263573) Attached to: Ask Slashdot: What Is an Acceptable Broadband Latency?

Latency depends on your destination. It is limited by the speed of light, and governed by how lousy the link itself is. It's how you sometimes get stories like the 500 mile email. For some reference points:

A map of expected United States latency from some place in Texas.

Often times your first hop on DSL will be slower... my own network right now shows 40ms to my ISP's gateway. 300ms is my ping time from Maine in the US to Australia.

Another helpful source of references are looking glass servers that will let you drop right into another provider's system and see ping times from their perspective.

Comment: Re:Linux security or trust (Score 4, Informative) 202

by autocracy (#39248135) Attached to: GitHub Hacked

This was brought up when kernel.org was compromised last year. The decentralized nature of git makes that really hard to sneak by, especially if you use the kind of process controls that the Linux kernel uses. Legitimate commits go through maintainers, and maintainers will definitely flip if they see code pulls into their repository that they didn't commit. Some deeper discussion about how you can't just sneak things into the past history is here: http://security.stackexchange.com/a/6771/836

Comment: Easy if you know what to do (Score 2) 189

by autocracy (#39192199) Attached to: How To Sneak In To a Security Conference

Hell, I joined the Ops team at Shmoocon this year without any credentials or signup. I tell you that isn't part of their plan. http://storyinmemo.com/?p=48

I spent a day at my first DEFCON missing my badge and managed to keep going all over the conference. Every year at DEFCON I make it a point to get into a guest-listed party that I didn't have access to. Why would RSA be different? I guarantee the DEFCON goons care more and the RSA ticket funds aren't going to making the conference more secure.

Their cost / benefit for tightening things down would be basically nothing.

Comment: Diversity in systems (Score 0) 326

by autocracy (#39110437) Attached to: Tech Billionaire-Backed Charter School Under Fire In Chicago

This has a very military / boot camp feel to it, and it is obviously having some sort of effect.

Students aren't required to go to the school, and the fines are relatively small. $5 seems enough to be discouraging to the students without breaking anybody's back.

More than anything, somebody is experimenting with a system, and education needs that. I don't know if it's right, but it's not a compulsory place to be and it's not wrong. Good on them.

Comment: HA! (Score 5, Insightful) 176

by autocracy (#38427864) Attached to: AT&T Officially Ends Plans To Acquire T-Mobile USA

Bite me, AT&T. Auto repair is competitive.

  * Cell phones in the US have a small pool of providers, especially the nation-wide crowd.
  * They primarily operate with 2 year contracts, and it's hard to get a phone without one.
  * There's a financial disincentive for buying a phone without a contract.
  * Text message rates (for which there is very little data usage, being measured in bytes) have been increasing.
  * Data plans have been increasing in price and providing tighter bandwidth restrictions at the same time.

I loathe AT&T, and I'm stuck with them. Competitive? I'd get out in a heartbeat if I felt I had somewhere to go. T-Mobile has been the closest saving grace to AT&T, so I really don't want to see that absorbed.

Thanks to the Fed -- they did one right there.

Comment: Use of PGP (Score 1) 402

by autocracy (#37919900) Attached to: Ask Slashdot: How To Securely Share Passwords?
  • Private PGP key printed out as a QR code and placed in a safety deposit box. Why? Because it's a durable medium and the electronics can't go bad. You can put it on a USB key too for convenience.
  • Publish your list encrypted with the public keypair of that somewhere your relatives know and can get to.
  • Bank will keep them from snooping by only letting them access your box with a death cert.
